Slashdot Mirror
Is IoT a Reason To Learn C? (cio.com)
itwbennett writes: Whether or not beginning programmers should learn C is a question that has been roundly debated on Slashdot and elsewhere. The general consensus seems to be that learning it will make you a better programmer -- and it looks good on your resume. But now there might be another reason to learn C: the rapid growth of the internet of things (IoT) could cause a spike in demand for C skills, according to Gartner analyst Mark Driver. "For traditional workloads there is no need to be counting the bytes like there used to be. But when it comes to IoT applications there is that need once again..."
and I not sure learning C will help much with that.
Pain is merely failure leaving the body
Ugh... Please don't give them any ideas. C is plenty fine for the task.
I heard this said before about phones, but eventually technology developed enough to allow mobile devices to have a strong enough processor. People are already too used to program higher-level and I see no reason why the same environments we have in our phones can't run on our fridges or boilers or ovens, therefore I do not think that people will use C.
Avantgarde Hebrew science fiction
So is Oberon, for example.
Ezekiel 23:20
IoT is a reason to learn a few things about IT security. Whether you plan to develop in the field or go into consulting, IoT means total job security in the IT-Security field for the foreseeable future.
Quite frankly, if you thought Microsoft is keeping security busy, just wait 'til IoT makes it big into the office space. You're looking at security holes and blunders you can't even imagine today! And every single of them are a sweet, sweet, 4 to 5 digit consulting gig!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The language that pretty much invented to buffer overflow? Yeeeah, I think you might be right.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If you're applying at a shop that does a lot of low level coding or coding on processor, memory and/or storage restricted platforms, if you're only experience is in Java or C#, I'd say your chances are pretty low. Walk in with a good practical grounding in C coding, I would imagine your chances go up. Not every shop is occupied by hipsters looking for keywords like "Python".
The world's burning. Moped Jesus spotted on I50. Details at 11.
Swift is a language well-suited to byte counting, if that is a need - at this point because of the tremendous pressure to increase security on iOT devices I really think Swift could have massive uptake.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
C was invented as portable assembly IIRC. If you cant sort out a buffer overflow then dont call yourself a programmer.
Real programmers see their job as making the computers job easy, not the other way around.
Career network security programmer here.
Absolutely of you're programming a device that connects to the internet, you should understand a bit about security and have a security mindset. If your device won't get regular updates, this is even more true.
Where does C fit in? It's unnecessary, if you just want to learn basic security best practices.
If you want to really understand how exploits work, and some advanced protections, you need to understand how your program and your data are arranged in memory, what actually happens in the hardware to when your asynchronous timer goes off, etc. For that, C is the language to learn. Java programmers know how to use Java. C programmers know how Java works, internally. The bad guys writing exploits are (typically) C programmers, they can defeat your PHP or Python program because they know how PHP and Python work internally.
You've always used languages with automatic garbage collection, so you mostly don't have to worry about freeing memory after you use it? Great. You don't know how and when memory is freed, and what happens when a hacker exploits a "use after free" to execute code that he's put into the variable you think no longer exists.
To be clear, I'm not saying that people need to *use* C to write secure software. I'm saying that if you *learn* C, you'll learn a lot that applies to advanced security knowledge in any language. Higher level languages are most commonly written in C; if you know how things are done in C you'll understand what your high-level language is doing behind the scenes. You'll understand your Ruby software much better if you understand how the same program works in C.
Computers (and machines in general) were created to make the life of humans easier. Imho, a real programmer also remembers that fact.
Avantgarde Hebrew science fiction
Real programmers? As compared to the untrue Scotsman?
Look around you and see what doubles as "programmer" today. Ask them how a stack overflow happens and why that is a problem. If I get a buck from you every time you get a blank stare and you get ten from me every time you get a sensible answer, your house belongs to me before the week is out.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I do embedded C programming. With this said, I don't think that improvements to the tools are impossible - sure, I have to prevent buffer overflows myself at the present time - but it doesn't have to be this way. The key thing about embedded programming is that hardware designers are lazy. They want to do the least amount of work possible. So instead of making their hardware easy to program, they like to make it in a way that is easiest to them. So every data sheet contains all kinds of special exceptions to the rules that you the programmer have to take into account. And instead of supporting some fancy, easy to program in language, they do the minimum amount of work to make a C compiler work. (it's really minimal - you only need to map a few base instructions to opcodes on the hardware and you can bootstrap the C compiler).
One major issue is while every microcontroller or DSP generally has roughly the same stuff - various ports that do the same thing, the MAC instruction, usually a von Neuman architecture, usually interrupts and DMA - you basically have to scrape the datasheet for weeks to do something you've done before on a different microcontroller.
This is a discussion about platforms that would buckle under the bulk of a micro-OS and a JS interpreter/VM stack. And that's not even handling the issue that most of these devices use embedded hardware platforms that you need to access with specific assembler calls - how would you do that in JS or Python!?
There are a few JavaScript interpreters that use very minimal resources and have access to all the necessary hardware (wifi, BLE, SPI, UART, i2c, etc), these are Duktape http://duktape.org/, Espruino https://github.com/espruino/Es..., JerryScript https://github.com/jerryscript..., and more. These are all designed for IoT devices. For performance this is an interesting read: https://www.espruino.com/Perfo...
knowing how to program in C and how C works under the hood makes you a better programmer. Even if you don't program in C. That is reason enough.
Non sequitur: Your facts are uncoordinated.
Well, most systems use third party C compilers, gcc or keil or whatever. C is low level enough that the CPU doesn't have to know it's C anyway, it could be Fortran, Pascal, Ada, or whatever as long as it has a basic stack model. They're not supporting any language. Von Neuman isn't even required, there are many embedded systems that are Harvard architecture (separate regions for code and data) which C supports just fine.
Most buffer overflows weren't necessarily because of being sloppy in the original code, but because the code was copied so readily. Someone has a simple routine without all the necessary checks because it's not being used for anything very important, software that doesn't need to be secure, it's a one-off utility (maybe it converts postscript to PCL). Then someone copies that routine into another program, makes that a set-uid program, and poof you've got a security hole. First programmer says "it was not intended to be re-used", second programmer says "re-inventing the wheel is foolish!", and they blame each other.
You canuse rust, that's kind of what it's designed for. It's got more or less the same view of the machine as C, but with a much more sophisticated compiler front end.
SJW n. One who posts facts.
There are a lot of people who say they know C who can't handle some of the simple stuff in C, as I have seen in many interviews.
I started saying "I'm sorry that I will ask some very simple questions..." because I felt embarrassed asking someone with so much on-paper experience who is applying for a hands on development job to do such simple things. Then so many of them flub it. Now I'm wondering if my apologies that the question is "simple" actually ends up as an insult for someone who can't figure them out.
I dunno. There is still significant overhead with C++, which is a big problem with small devices (128KB of code for example). There's the issue of the linker not really figuring out how to share object code for templates to avoid typical bloat. There's the hidden operations behind the scenes that cause problems for novice programmers running out of space or wandering why their code is so slow. There really is no good way to make exceptions both fast and use little code space (a shame since I like them if used properly).
I do want to use a better-C-than-C. C with classes just for the sake of structuring code more coherently. C with better type checking rules. C where I can release a semaphore on any exit from a function. A stripped down C++ that more resembles Cfront without all the newer fluff.
If you really want something unmaintainable you should go for Simulink.
On the other hand - I have never seen a good reason NOT to learn C. It's one of the basic building block languages that's widely used on almost every platform, so you won't waste your time if you learn C.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
... Embedded is a reason to learn C though. And embedded and IoT do have some intersection/overlap. But I IoT itself is mostly a fad involving the slapping together of unsafe preconfection microlinuxes with unsafe overkill websevers/port 80 stuff and adding that to toasters and stuff that really don't need it and won't be used more than ~3 times unless by some bored teenagers wgo wants to screw up your homes heating or AC by surfing on shodan for some lonb forgotten default access to said IoT trinkets.
Bottom line:
You shouldn't do anything because of IoT unless it,s avoiding it like the plague (unless you're a hacker that is). OTOH If you want to learn embedded, C with assembler for the basics is the way to go.
Good luck.
We suffer more in our imagination than in reality. - Seneca
A C64 game written in C++17.
This kinda displays why C++ is unsuitable for small memory stuff. The C64 had remarkably large games in its time, and yet by using C++ all that is possible is a simple pong clone. I wrote for the C64. This "demo" is very unimpressive.
I'm a minority race. Save your vitriol for white people.
Sadly I run into that a lot, and I've interviewed a lot of people for low-level (i.e. bare metal) programming. Generally speaking, C is a fairly simple language, but in my line of work you better know damned well what various keywords mean and how they behave (like volatile) and know pointers backwards and forwards.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Good god, just learn C instead of trying to force javascript into everything. It's like my wife trying to drive a nail into a wall with her high heel shoe. Sure, it would probably work eventually, but the right tool for the job is right there in the toolbox. Use it. Step outside your little javascript box and learn something new.
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
I work at a company that makes chips for IoT, though in this case the chips are targeted at things like routers, switches, network security appliances and highly intelligent network cards. While C++ is supported, all of the stuff I work on is C. Our SDK is C. All of the vendor SDKs I've come across for dealing with different devices are written in C. Interfacing to C is fairly simple and well understood compared to introducing C++ in an embedded environment. Now the environment I deal with is either the Linux kernel or lower, usually lower since I work with bare metal most of the time.
C is used for a number of reasons.
1. The generated code is quite fast and fairly compact. With my experience with MIPS the output of the compiler is pretty close to hand-tuned assembly in most cases.
2. It's easy to deal with hardware registers in C. Hardware registers can be defined by volatile bitfields so a simple pointer can be used to access them.
3. There is no unintended overhead or hidden behavior. With C it is very much what you see is what you get. It doesn't do stuff under the covers.
4. Memory mapping data structures and things like that are very easy in C.
5. One is not dependent on things like a certain standard library. The amount of code needed for basic C support is fairly minimal. All you really need is a stack. I have plenty of code that does not have a heap.
6. Things like interrupt handlers are fairly trivial to code in C.
7. One can do interesting things using the linker with C code that are not really possible with most other languages. For example, I can easily link my code to execute at a particular address and generate a binary without any elf headers or any other cruft and there are interesting things that can be done with linker scripts.
8. There is no unexpected overhead due to the language. There is no background garbage collection that can run at some inopportune time. There's no extra code to do bounds or pointer checking to slow down the code or even get in the way.
9. Generally it is pretty easy to move between different versions of the toolchain. C generally doesn't change much.
10. C seems to resist bloat better than other languages, in part because it does exactly what you tell it to and nothing more.
Much of this can apply to C++ as well, though C++ requires a lot more overhead in order to properly support it due to some of the language features and C++ can hide certain things if you aren't careful.
That's not to say that things can't be written in high-level languages. There is plenty of flexibility once you get to something like a Raspberry Pi user-space program.
Arduino uses a subset of C++ but it's such a small subset that it might as well be C.
I write this as someone who has been writing embedded C code and assembly (98% C) for the last 20 years, though I have also worked on a few C++ projects as well. Most of this was device drivers, Vx Works, bootloaders (U-Boot and custom), bare metal applications and SDKs (dealing with high speed networking, 1, 2.5, 5, 10, 25 and 40Gbps) and some Linux kernel work and Arduino. I've worked with a variety of different CPU architectures (Intel, MIPS, ARM, PowerPC and more) including one that ran a functional programming language natively in hardware (the processor was physically incapable of running C code).
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Actually most modern languages fall apart since you need a certain feature set at the low level that high-level languages try and protect you from. Many languages have significant overhead required just to use the language and thus don't work well in low memory situations.
I have written a number of bootloaders that have to fit in 8K of RAM. There is absolutely no way I could write them in anything other than C and a minimal amount of assembly. C code can be very efficient with modern compilers optimized for size. I'd put them close to carefully coded assembly. Often the C code is smaller than assembly because the compiler will make choices that the assembly programmer will avoid just for readability and maintainability.
Most higher level languages do hand holding with things like pointers and memory management which get in the way and consume a lot of resources. C is very good for low level bare metal programming. All that pointer checking and other features have a cost in terms of size and performance.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
He is absolutely correct. There are some aspects where the two languages diverge. The way you program in C tends to be very different compared to the way C++ code is written. I have worked with both extensively for low-level projects (i.e. bare metal device drivers).
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
While most of my work is for chips that are vastly more powerful than what is found in IoT devices I work on bootloaders and bare-metal programming. In some cases memory is a premium. With only a couple of exceptions, all of the work I have done has always been with C. Most small micros are programmed in C almost exclusively with a sprinkling of assembly.
C is very good for working closely with the hardware and in memory constrained environments. C code does exactly what it says. There is no hidden overhead. The runtime needed to run C code is pretty minimal. All it really needs to get going is often a few registers initialized and a stack and it's ready to go.
It works beautifully with memory mapped registers and data structures which are extremely common in this environment. There's even a keyword designed for this, volatile, that is not present in most other languages (or it does not do the same thing).
I can use a bitfield to define hardware registers and just map a pointer to the address of that register and use it. Mixing in assembly code is easy if it's needed, though generally I find that assembly code isn't needed very often.
It's also easy to generate a binary blob using C, a linker script and a tool like objcopy.
My experience has mostly been with 64-bit MIPS and some ARMV8 but it applies to most embedded processors. The output of the C compiler when optimizing for size (with the right options set) is pretty close to hand optimized assembly and often even better because the compiler does things that would make the code otherwise hard to read or maintain. The runtime overhead of C is minimal.
C's flexibility with pointers is also a huge plus. I can easily convert between a pointer and an unsigned long (or unsigned long long) and back as needed, or typecast to a different data type and pointer arithmetic is trivial. There is no hidden bounds checking or pointer checking to worry about. Many people say that's a bad thing, but when you're working close to the metal it can really turn into a major pain in the you know what. Master pointers and know how and when to typecast them. I've seen too many times where people screw up pointer arithmetic. I once spent several weeks tracking down a bug that showed up in one of my large data structures where I saw corruption. It turned out that some totally unrelated code written by somebody else in a totally different module was written by someone who didn't understand pointer arithmetic and was spewing data all over the place other than where it should be. He also didn't realize that when you get data from a TCP stream you don't always get the amount of data you ask for, it could be less.
I have been writing low-level device drivers and bootloaders for over 20 years and while programming has changed significantly for more powerful systems in userspace, for low level programming it has changed very little. My advice is to learn C and learn it well. Know what some of those keywords mean like static and volatile. Anyone who interviews in my group damned well better know what volatile means and how to use it.
C isn't a very complicated language but it takes time to properly master. It also doesn't hold your hand like many modern languages, which is why you often hear it is easy to have things like buffer overflows or stack overflows and it's also easy to shoot yourself in the foot. It doesn't have many of the modern conveniences, but those conveniences often come at a cost in terms of memory and performance.
The best book I've seen on the language was written by the authors of the language. It's not very long but it is concise and well written.
The C Programming Language by Brian W. Kernighan and Dennis M. Richie.
I have also worked on C++ device drivers. While the overhead of C++ itself is generally minimal, it depends that you use only a subset of C++ and you have to know what C++ is doing behind the sce
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
The nice thing about C is that is as close to portable assembler as a language can get. It forces you to understand how computers and OSs work in order to become proficient, and in time your code will become better because of it - even when using other languages.
Of course, the ugly thing about C is that is as close to portable assembler as a language can get.
Hardware registers can be defined by volatile bitfields so a simple pointer can be used to access them.
Unless, of course, you have multiple registers with ordering constraints between them (e.g. write some data into one register, toggle a flag in another), because the volatile keyword in C does not give any guarantees of ordering between accesses to different volatile objects and the compiler is completely free to reorder the write to the flag before the write to the data.
Things like interrupt handlers are fairly trivial to code in C.
As long as someone else is writing the assembly code that preserves state for the interrupted context, prevents the interrupt handler from being interrupted, and so on, and then calls into the C code. And with those constraints, pretty much any compiled language is equivalent.
One can do interesting things using the linker with C code that are not really possible with most other languages. For example, I can easily link my code to execute at a particular address and generate a binary without any elf headers or any other cruft and there are interesting things that can be done with linker scripts
That's pretty much true for any compiled language.
There is no unexpected overhead due to the language. There is no background garbage collection that can run at some inopportune time. There's no extra code to do bounds or pointer checking to slow down the code or even get in the way.
The flip side of this is that you either do the bounds checking yourself (and often get it wrong, leading to security vulnerabilities) and end up passing it through a compiler that isn't designed to aggressively elide bounds checks that it can prove are not needed.
Generally it is pretty easy to move between different versions of the toolchain. C generally doesn't change much.
I can't tell from the Internet. Did you actually say that with a straight face? Even moving between different versions of the same C toolchain can cause C programs that depend on undefined or implementation-defined behaviour (i.e. basically all C programs - including yours given that several of the things that you listed in another post in this thread as really nice features of C are undefined behaviour, such as casting from a long to a pointer) are now optimised into something that doesn't do what the programmer intended.
I am TheRaven on Soylent News
Complete bollocks.
I use C++ on a day to day basis on Atmel chips. I've written ray tracers in C++ on chips with 4K Flash and 128 bytes of RAM using ordinary "float" data types.
The entire "Arduino" ecosystem runs on C++, driving 3D printers, robots, etc. on tiny microcontrollers. How do you explain that Pesky Fact?
Java, Python and VB.net don't have a snowball's chance in hell of running on one of those chips.
(Most likely you've never even used C++, you're just repeating crap you once read on the Internet)
No sig today...
Right, but it's shitty for the programmer to manage it manually, isn't it?
Not as shitty as having to guess when Java will close the file you just wrote (eg. so you can copy it to a USB stick).
Resource management is much more than RAM, it's files, network connections, etc. Garbage collectors handle RAM OK but they're really really crap for everything else. In reality languages like Java need just as much manual resource management as C.
The only language which really doesn't need manual work is C++. C++ has stack unwinding. C++ frees resources immediately when objects go out of scope, not when some garbage collector decides to wake up (which might be "never" - your file might _never_ close unless you quit the program).
No sig today...
The trick to using C++ in embedded is to throw away stuff like the STL that depends on memory allocation, and the ivory-tower stunt crap like iostreams. Even templates are generally bad because they cause code size to explode by compiling a new version of each method for every class that uses them.
Basically, do what mbed does and use it as "C with classes". If you declare global objects for each I/O device, the class declaration then becomes an API for the device, and the object hides all the internal state. The operational details of it can be rewritten for a similar kind of device, without changing the code that uses it. If you do things right, you might even save some bytes. C++'s inlining of method calls when there is no ambiguity also contributes to the efficiency. It is also much easier to use virtual methods than to deal with the twisty function pointer syntax in C, plus you only get one set of virtual function pointers generated per class in the vtable, and can't use the wrong function pointers by accident.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
You've got it backwards. Yes, I do know x86 and the pertinent C implementations rather well. But no, since C abstracts those concepts away, there is a) no need to and b) it actually makes things less portable if you have implicit assumptions about what the machine has and does WHEN C ALLOWS YOU TO NOT CARE ABOUT IT.
So please tell me, given the code
int a, *b = malloc(sizeof *b);
What exactly is the advantage of thinking about `a` and `b` as "on the stack" and `*b` "on the heap"? I truly don't get it.
What is the problem with thinking about `a` and `b` as having automatic storage duration+block scope, and `*b` having allocated storage duration? It's THOSE TERMS that have well-defined semantics that EVERY C implementation (including those that put things "on the stack"/"on the heap") *has* to comply with. (That is apart from the fact that something you think is "on the stack" might well be NOT on the stack because it's "in a register", or got opimized out entirely, rendering your stack/heap categorization as a heuristic at best).
Learn some C. Make your programs more portable. You'll end up a better C programmer.
CLI paste? paste.pr0.tips!
I disagree, I think objects, templates and the static type system are core parts of C++. Exceptions and RTTI are nice features but not necessarily helpful to have in every C++ program.
“Common sense is not so common.” — Voltaire